On Sunday, Kim Dotcom, founder of megaupload.com launched a new site mega.co.nz in a move that has been called the next act in the biggest “SOPA Opera” since the bill’s inception. In this article, the IPilogue brings readers up to speed on the largest criminal copyright infringement case in history. Buckle up folks, this is quite the tale.

What is Megaupload?

Megaupload Limited is an online Hong Kong-based company established in 2005 by German-born Internet entrepreneur Kim Dotcom (born Kim Schmitz). Before the dramatic seizure of its assets by the US Department of Justice (DOJ) a year ago, Megaupload was known as the internet’s most popular cyberlocker service. It boasted over 50 million daily visitors and accounted for 4% of all internet traffic in 2011.

What is a “Cyberlocker”?

A “cyberlocker” is a private data storage provider. It generally describes web services that allow internet users to upload one or more files onto the host’s server free of charge. Like most cyberlockers, Megaupload.com reproduces the file on at least one server it controls and provides the uploading user a unique URL for distribution. Those who access the file via this URL can then download it.

The Issue: Service Provider or Pirate King?

This is all rather innocuous if users are only uploading their own content, however, the controversial question is whether or not Megupload has any criminal liability when its service is used for the illegal distribution of copyright protected materials. According to the MPAA, the illegal sharing of copyright protected material through the Megaupload service costs Hollywood studios over $500 million per year.

The Take Down, the Hacktivist Response, and the Fight for Dotcom’s Extradition

As was reported on this blog, on January 19, 2012 the New Zealand Police, acting upon a request from the FBI, arrested Dotcom and three other Megaupload executives in a leased $30 million mansion in Coatesville, NZ. Over $17M of Dotcom’s assets were seized including sports cars and art work in the raid.

Within twenty-four hours of the police action, the hacktivist group Anonymous responded by taking down the US Department of Justice, RIAA, MPAA, and Universal Music sites.

On March 5, 2012, a formal request for the extradition to the United States of Kim Dotcom and three other senior Megaupload staff was filed in a New Zealand court but the decision was delayed by the New Zealand courts until March 2013.

The DOJ’s Indictment

The indictment alleged that Megaupload differed from other online file storage businesses because it engaged in criminal copyright infringement.

The indictment provided a number of instances that allegedly showed criminal behaviour on the part of Megaupload’s executives and also pointed to certain aspects of Megaupload’s design as evidence of criminal intent. Some of these are listed below.

In practice, the “vast majority” of Megaupload users do not have any significant long term private storage capability. Continued storage is dependent upon regular downloads of the file occurring. Files that are infrequently accessed are rapidly removed in most cases, whereas popular downloaded files are retained. Because access to copyright protected material is popular among Megaupload users, the DOJ argues that this business model actively encourages copyright infringement. (items 7 – 8 )

An incentive program was adopted encouraging the upload of “popular” files in return for payments to successful uploaders. (item 69)

A comprehensive takedown method was used by Megaupload to identify child pornography, but was not deployed to remove copyright infringing content. (item 24)

Users found to have been infringing copyright did not have their accounts terminated, and the defendants “made no significant effort to identify users who were using the Mega Sites or services to infringe copyrights, to prevent the uploading of infringing copies of copyrighted materials, or to identify infringing copies of copyrighted works” (item 55–56)

Dotcom’s Defense: “I am but an online service provider.”

Dotcom maintains that his company’s service operates within the bounds of the Digital Millennium Copyright Act (DMCA) and points to the fact that all users, including members of the MPAA, have the ability to directly delete links to any infringing material. Additionally, Dotcom maintains that Megaupload cannot police the activity of its users because of the Electronic Communication Privacy Act (ECPA).

Moreover, Dotcom argues that the number of illegal files stored on Megaupload is small compared to the number of legitimate files stored on its servers. “We are a relatively small company,” says Dotcom, “It is simply not possible for us to monitor the activities of all our users at all times… Never mind the fact that to do so would be in violation of the ECPA.”

Dotcom describes his service as no different from Youtube, Google Drive, or Dropbox.

Safe Harbor Provisions: Not An Impenetrable Shield

The US DMCA provides safe harbour for sites that promptly take down infringing content. The problem for Dotcom is that safe harbour does not exist if it can be shown that the company had actual knowledge of infringement and did nothing about it.

Moreover, the indictment argues that by simply removing links to infringing material and not the actual files themselves, Megaupload was circumventing the spirit of the DMCA and was in fact, not in compliance.

Crim Pro Drama: Do US Criminal Laws Apply to Companies that Have No US Presence?

In July 2012, Megaupload asked Virginia Judge Justice Liam O’Grady to dismiss the indictment because (in its view) the federal rules of criminal procedure provide no way to serve notice on corporations that do not have a U.S. address. While O’Grady J. dryly mused that it was not likely the intent of Congress to allow foreign corporations to “be able to violate our laws indiscriminately from an island in the South Pacific,” he acknowledged this difficulty in the DOJ’s case.

For its part, the US government suggested that it could sidestep the mailing requirement in a few ways. For example, it argues, it could wait for Dotcom (Megaupload’s representative) to be extradited to the US and then mail notice to his address in prison. This argument was accepted by Justice O’Grady, however it may not bear fruit given recent complications in Dotcom’s extradition proceedings.

In August, 2012, the New Zealand High Court upheld a ruling that the US government must show the evidence it has against Kim Dotcom and his co-executives prior to their extradition hearings in March. High Court judge, Justice Helen Winklemann, said that any country seeking an extradition “ha[s] an obligation of candor.” This requires the country in question to disclose to the court any evidence that could affect the decision of whether the threshold for extradition had been met.

The US government also mentioned the possibility of using the provisions of a Mutual Legal Assistance Treaty to send notice to Megaupload’s Hong Kong address. But Justice O’Grady seemed skeptical of these arguments, noting the “plain language” of the law required sending notice to the company’s address in the United States.

Meanwhile the DOJ states that even if the indictment of Megaupload is dismissed, it can continue its indefinite freeze on the company’s assets while it awaits the extradition of Dotcom and his associates. For those who promote a free and unrestricted internet, this move has been roundly criticized as an outrageous overextension of power by US judiciary. For those seeking damages from Megaupload’s actions, this move is but the first step in what they hope to be a long line of aggressive prosecutions of copyright violators.

Wiretapping by the Kiwis?

Then in September of last year, the Prime Minister of New Zealand announced that an investigation had been launched into allegations that a kiwi government intelligence service, the Government Communications Security Bureau (GCSB) had illegally intercepted the communications of Dotcom and others targeted in the case. These wiretappings, apparently led to the SWAT-style raid of Dotcom’s mansion and the arrest of the CEO and his senior management team.

By law, the GCSB is not allowed to intercept communications involving New Zealand citizens and residents. In limited circumstances, it may obtain warrants to intercept foreign communications outside of its authority, but this requires the minister to sign off on such warrants before conducting the surveillance. Key said he was not asked to approve warrants in this case, nor was he briefed on the GCSB operation beforehand.

Allegations of “Entrapment by Ninja”

This controversy involves Megaupload’s compliance with a then-secret US search warrant targeting five of its users who were running their own file-sharing service using Megaupload’s infrastructure. A year and a half before its own indictment, Megaupload complied with the warrant and turned over a database on the 39 pirated movies detailed in the warrant that linked the files to the file-sharing service NinjaVideo. NinjaVideo was later indicted and its leader was sentenced to 22 months in prison for criminal copyright conspiracy.

Despite Megaupload’s cooperation, the 39 infringing NinjaVideo files were used as evidence to seize Megaupload.com domains and prosecute Dotcom and others connected to the site. Because Megaupload did not delete the 39 movie files from its servers, the government was able to argue that the company knew full well that its service was being used for piracy.

According to Megaupload, although the FBI had already begun its own investigation of Megaupload as a potential copyright criminal, that information was not disclosed to Megaupload. In this case the government treated the company as NinjaVideo’s internet service provider and asked it to keep the NinjaVideo warrant quiet. Megaupload claims it did not remove the files because they were asked to maintain the secrecy of the investigation, and removing the files may have alerted NinjaVideo that they were under investigation.

Then, in December 2011 a music video was released showing artists including Will.I.Am, P.Diddy, Allicia Keys, Kanye West and others, endorsing Megaupload. Within a week of its release, the video was removed from Youtube by Universal Music.

In response, Megaupload published the appearance consent and release agreements signed by the stars and sued Universal, claiming the label had sabotaged its viral advertising campaign.

(Are you still with us?)

So to Summarize…

We have a larger than life millionaire head of a Hong Kong based company, living in New Zealand, whose mansion was raided in an epic move to apply a US criminal charge to a company that has no legal presence in the United States.

We have a beleaguered New Zealand Prime Minister leading the charge in an investigation into his own government for the overzealous (and potentially criminal) surveillance of one of its most eccentric residents.

We have a gaggle of rogue celebrities who have thrown their personal support behind a company that the largest trade organizations in their industries are foaming at the mouth to put behind bars.

On the one hand, copyright owners are certainly entitled redress for the blatant and wanton theft of their work –otherwise what is the point of having copyright laws? I think many would agree that one does not have a “right” to watch a movie six months before its release in the same way one has a “right” to life, liberty, and the pursuit of happiness.

On the other hand, how reasonable is it for the US government to demand extradition of a foreign person and company to answer to criminal charges within its borders? More to the point, how reasonable is it for us to demand that service providers be wholly responsible for the activities of its users, particularly when these businesses have reached the scale and magnitude attained by Megaupload? To what extent should copyright law be allowed to reign in online innovation?

And what duty do these service providers have in protecting the privacy of its users? What duty does the US government have for that matter? Should the US government be allowed to go after individual users from all over the globe now that it has possession of Megaupload’s files?

These questions and many more are likely to be hot topics of debate in the coming weeks. Tune in for more coverage from the IPilogue editorial team as this drama unfolds (and have your popcorn ready).

3 Responses to “Mega Rises Again”

There’s a lot of chatter online about how the “new” megaupload threatens to “revolutionize copyright”, but I’m not sure I buy it. All the built in encryption does would be to allow Mega to say “we have no way of knowing what is uploaded automatically”, meaning it can easily become a haven for child porn. Since any file sharing will require the sharing of the public key for decryption, I fail to see why they would not be subject to the same kinds of DMCA requests that other filelockers have been subject to – once the public link is shared with the public key, then any content-owner can surely take that it hand and demand takedown. The MPAA doesn’t care about privately shared files between 2 people – it cares about making content publicly available, so it’s still going to go after anything with a public link. All it seems to prevent is Mega’s liability absent ignored DMCA requests (which I don’t think is as big a deal as people are making it out to be), whilst creating the possibility that it will be the world’s highest trafficked child porn site because of its automatic encryption.

As you say, the “encryption absolves liability” position is tricky because 512(a)(4) states ISPs are not liable so long as no copies are available to people other than the anticipated recipients and that these copies are not stored on the system for a period longer than is reasonably necessary for transmission.

Re: Child pornography
Mega’s new marketing campaign seems to indicate that it is no longer going to police user content as it has done in the past. However, item 8 of their new terms of service (https://mega.co.nz/#terms) states that Mega reserves the right to delete content that is found to be duplicated elsewhere on their system.

While deduplication can be done using certain encryption methods (convergent encryption for e.g.) –it does raise some questions as to how “blind” Mega truly is to the content flowing through its servers.

It is likely that Mega’s position is that this is being done to ensure efficient storage of files on Mega’s servers.

Many on the net are interested to learn more about Mega’s “new” encryption model and I believe the Ipilogue plans to release a piece later next week discussing this topic.

Other Thoughts:
Another editor and I were discussing this case, and one question we have is how much of “Mega” is Dotcom flipping the DOJ the bird and how much of it is Dotcom positioning himself for a plea bargain based on “Megaupload”‘s seized databases.

Is it possible that a natural extension of his “I am but an ISP-position” is that he intends to assist the DOJ seek out and prosecute some of his former users (as he supposedly did with Ninjavideo)? If so, that raises some serious questions related to your area of interest.

The newsfeeds should be pretty interesting in the upcoming months.

Leave a Reply

All replies and responses are moderated and will not appear on the site immediately. Please see our response policy.